23 Oct 2009

Botnet use in click fraud skyrockets - SC Magazine US

Botnet use in click fraud skyrockets - SC Magazine US: "One botnet, a highly sophisticated click-fraud network of zombie computers dubbed the 'Bahama botnet,' was implicated in a recent scareware incident involving NYTimes.com display ads. The source of that attack was traced back to the Ukrainian Fan Club, a known group of online fraudsters, which redirected traffic through 200,000 parked domains located in the Bahamas."

21 Oct 2009

Review of Penetration Testing with BackTrack

This is the course I've registered for and am about to engage in. Below you'll find the 3rd part of a review of the course. I can't wait to get to that part...

The Ethical Hacker Network - Review: Penetration Testing with BackTrack by Offensive Security Part 3: "This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Wordpress Exploit Scanner 0.5

Exploit Scanner 0.5: "The WordPress Exploit Scanner has been updated, with lots of help from Jon and Ryan.

In recent weeks blogs running older versions of WordPress were exploited. If you’re concerned that your blog might have been broken into, download the plugin and run it. It will find false positive results but it will do a reasonably good job of finding the code that’s inserted into a hacked site.

The plugin works by scanning every directory on your site. This is done recursively which unfortunately takes up quite a bit of memory. If you get an out of memory error please read the readme.txt as it has a suggestion for fixing the problem.

PS. WordPress 2.8.5 was released last night. Make sure you upgrade! A WordPress MU release will follow shortly"

Montreal OWASP Chapter

Montréal - OWASP: "local Montreal chapter homepage"

Tripwire ConfigCheck for Virtual and Physical Infra.

Tripwire ConfigCheck - Configuration Control for Virtual and Physical Infrastructures: "Tripwire's ConfigCheck is a free utility that rapidly assesses the security of VMware ESX 3.0 and 3.5 hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines. Developed by Tripwire in cooperation with VMware, Tripwire ConfigCheck ensures ESX environments are properly configured—offering immediate insight into unintentional vulnerabilities in virtual environments—and provides the necessary steps towards full remediation when they are not.

* Ensure recommended ESX configurations
* Discover possible vulnerabilities
* Deploy virtualization safely and securely
* Increase security posture of the entire enterprise
* Easily implement security and compliance best practices
* Reduce configuration drift"

Facebook, Twitter users beware: Crooks are a mouse click away - CNN.com

Facebook, Twitter users beware: Crooks are a mouse click away - CNN.com: "It starts with a friend updating his or her status or sending you a message with an innocent link or video. Maybe your friend is in distress abroad and needs some help.

All you have to do is click.

When the message or link is opened, social network users are lured to fake Web sites that trick them into divulging personal details and passwords. The process, known as a phishing attack or malware, can infiltrate users' accounts without their consent.

Once the account is compromised, the thieves can infiltrate the list of friends or contacts and repeat the attack on subsequent victims. Social networking sites show there is ample opportunity to find more victims; the average Facebook user has 120 friends on the site."

20 Oct 2009

Offensive Security Certified Professional (OSCP) Certification

Penetration Testing Training and Certification - BackTrack Training: "Students who successfully complete the Offensive Security 'Pentesting with BackTrack' certification challenge receive the OSCP certification (and 40 CPE credits for CISSP recert)."

Third Brigade VM Protection | Free Software for Cloud Computing Security

Third Brigade VM Protection | Free Software for Cloud Computing Security: Third Brigade VM Protection is free software you can use to quickly establish a line of defense, for as many as 100 virtual machines, whether deployed in a private or public cloud. Multiple layers of protection are combined in a single software agent to increase security and gain visibility into malicious activity targeting your VMs. Third Brigade VM Protection deploys quickly, is centrally managed, and is integrated with VMware's vCenter.

The Ethical Hacker Network - Certifications

The Ethical Hacker Network - Certifications: "There are not that many certifications specifically focused on ethical hacking, pen testing and incident response"

Disaster Recovery Journal - Debating Distance and Disasters

Disaster Recovery Journal - Dedicated to Business Continuity Since 1987 - Debating Distance and Disasters: "How far is far enough between primary and alternate sites?

There are a number of “easy” answers, but none are complete; none are “one size fits all” – just like a business continuity plan, the answer is unique to the organization.

Some basic questions every planner needs to ask include:

* What power grid provides AC to the organization?
* What are the weather risks?
* What about neighbors?
* What is your community’s target level?"

See also
Disaster Recovery Journal - How Far is 'Far Enough'?: "How far is enough? That was the question asked of Association of Contingency Planners (ACP) chapters in the United States. The intent of the survey question was to set standards from within the industry regarding how far an alternate facility and an off-site storage facility should be from the primary operations site. This article is a compilation and interpretation of the responses to that survey."

See also this article

How social networking can hurt you

How social networking can hurt you: "At RSA Conference Europe 2009, Dr. Herbert Thompson talked about how attackers are launching innovative attacks against individuals and companies using the information shared over public social networking channels."

New NSS Labs Anti-Malware reports

2009 Q3 Anti-Malware Reports from NSS Labs:
  • Corporate Endpoint Protection Products Q3 - 17 days of recurring testing of 10 corporate grade endpoint protection products vs. our Live Testing of socially engineered malware.
  • Consumer Endpoint Protection Products Q3 - 17 days of recurring testing of 9 consumer grade endpoint protection products vs. our Live Testing of socially engineered malware.

NSS Labs Browser Phishing Test Report

Browser phishing report from NSS
Summary of report: During Q3, 2009 NSS Labs performed a group test of web browser protection against phishing attacks. This report examines the ability of five different web browsers to protect users. The results are based upon empirically validated evidence gathered by NSS Labs during 14 days of 24x7 testing against fresh, live malicious sites.

6 Oct 2009

RSA: IBM delivers on Phantom promise - Network World

RSA: IBM delivers on Phantom promise - Network World: "At RSA Conference 2009, IBM/ISS will make good on a promise it made at last year’s RSA event to deliver protection for virtual environments.

The effort IBM/ISS called Project Phantom will bear fruit with the announcement of the Virtual Network Protection Platform, a network intrusion prevention system (IPS) for protecting virtual network segments.

Slideshow: Hot security products from RSA Conference 2009

ISS already made IPS software, but virtual environments in which virtual machines share the same hardware and replicate to other physical machines create blind spots where traditional IPS products have no vision."

Hackerdemia Disk Information and Download Link

Following is a direct excerpt from the heorot forum:

"Get the current Hackerdemia PenTest Tool Tutorial disk

The MD5 Hash Value: 09e960360714df7879679dee72ce5733

How to start the disk:
Boot the LiveCD on a system within your pentest lab, which needs to be configured to be in the 192.168.xxx.xxx range.
Connect to http://192.168.1.123 using a web browser (preferably in BackTrack or your favorite pentest platform)

You will be presented with a web page, which is your tutorials. All hands-on examples were created with the Hackerdemia disk as the target, so your results should exactly match those found in the tutorials.

Where to get the BackTrack disk:
http://remote-exploit.org/backtrack_download.html

Network configuration:
The LiveCD configures itself to an IP address of 192.168.1.123 by default. If you want to change it, simply log in as:
username: root
password: toor

...and change the ifconfig information (If you don't know what I'm talking about, go to: http://en.wikipedia.org/wiki/Ifconfig )"

See also:
http://heorot.net/instruction/tutorials/iso/hackerdemia-1.1.0.iso
http://heorot.net/instruction/tutorials/iso/de-ice.net-1.100-1.1.iso
http://heorot.net/instruction/tutorials/iso/de-ice.net-1.110-1.0.iso

Conficker Eye Chart

The Conficker Eye Chart helps end-users determine if they are infected with Conficker. If indeed you are infected, please make sure that you remove it properly. This may mean reinstallation but before you do that, visit the repair tools list. Actually, here's an even bigger list.

4 Oct 2009

TELUS | Download the 2009 Rotman-TELUS Study

The results of the 2009 Rotman-TELUS Joint Study on Canadian IT Security Practices are now available. Interesting points from the one pager summary:

Breaches
Breaches and annual costs are up; per breach costs are down
• Canada catching up to USA in terms of breaches
• Most breaches are up: led by unauthorized Access by Employees
- Insider breaches almost double in 2009, now comparable to USA rates
Disclosure or loss of customer data remains top issue
• Organizations cite damage to brand as biggest breach concern

IT Security Budgets
• Growing threat has rendered most security budgets inadequate
• The average security budget was 7% of the IT budget
• Top performing respondents spent at least 10% of their IT budget on IT security

IT Security Profession
• Organizations rewarding formal education more than certifications
• 46% of respondents earned more than $100,000

IT Governance and Outsourcing
• High-performing security programs have strong governance and focus on education
• Business metrics substantially increased the perceived value of security
• On-shore security outsourcing increases
- Privacy favouring Canadian service providers
- Publicly traded companies outsource to the best-value provider regardless of location

Technology and Security Countermeasures
Application security practices not keeping up with evolving threats
- More than half of respondents consider security in their development lifecycle
- Focus in Canada is predominantly towards after-the-fact security, rather than “build it secure.”
• Cloud security concerns similar to classic outsourcing
• Technology investments focus on fighting malware
- Organizations favour protecting applications versus fixing them

3 Oct 2009

Computer hacks jump in 2009 study

You might have seen this week's news stories talking about the evolving threat in Canada…
Computer hacks jump in '09: study
CBC News

Canadian companies faced more computer attacks in the past 12 months, which cost companies almost twice as much to fight, according to a study released Tuesday. A survey of 600 information technology professionals compiled by Telus Corp. and the Rotman School of Management at the University of Toronto showed that…
REF: http://www.cbc.ca/technology/story/2009/09/29/telus-it-breach-2008.html

IT security breaches are costly for companies
Magazine Les Affaires
Security breaches in the information technology sector will cost each Canadian organization an average of 834,000 dollars in 2009, roughly twice as much as in 2008

How to protect ourselves
The best way is to be ahead of the threat, as the IBM ISS R&D group called X-Force puts it so well. Having X-Force, and the ISS solutions that "box" its research, is a differentiating factor for IBM. This group regularly publishes vulnerability and threat reports that give a good summary of what they do on a day-to-day basis: http://www-935.ibm.com/services/us/iss/xforce/trendreports/ :

Latest Trend and Risk Report

In addition to standard vulnerability, malware, spam, phishing, and web threat statistics, the IBM X-Force 2009 Mid-year Trend and Risk Report features the following special topics:
  • Document vulnerabilities. In the first half of the year alone, the total number of vulnerabilities disclosed in some of the document types we traditionally consider "secure" has already exceeded the total number of disclosed vulnerabilities found in them in all of 2008.
  • Most disclosed vulnerabilities. Microsoft is no longer number one in the "most disclosed vulnerabilities" category.
  • Better Browsers. More secure (if you update) but still the main exploitation target.
  • Bad Web Links. More prolific for spam, phishing, and the delivery of malicious code.
  • Conficker and Lessons Learned. Conficker had baffled security researchers, caused panic among computer users, and had shown us a glimpse of the mindset and the sophistication of cybercriminals.

Latest Threat Insight Report

This edition of the X-Force Threat Insight Report provides an exhaustive list of security alerts, breaches and the most commonly seen threats in Q2 2009. It also delivers two new and insightful articles by IBM ISS researchers. The first article assesses one of the more serious threats of 2009, Conficker. The Conficker worm family has evolved into a massive sophisticated malicious botnet arsenal and infrastructure of millions of compromised hosts. The second article discusses Internet fraud schemes, specifically, Advance Fee schemes and Romance scams.

IT security breaches are costly for companies - LesAffaires.com

IT security breaches are costly for companies - LesAffaires.com